Security Audit Codebase
Skill Verifiziert AktivPerform a security audit of a codebase checking for exposed secrets, vulnerable dependencies, injection vulnerabilities, insecure configurations, and OWASP Top 10 issues. Use before publishing or deploying a project, for periodic security reviews, after adding authentication or API integration, before open-sourcing a private repository, or when preparing for a security compliance audit.
To help developers and teams identify and fix security vulnerabilities in their codebase before deployment or open-sourcing, ensuring a more secure and compliant project.
Funktionen
- Scan for exposed secrets (API keys, connection strings, private keys)
- Check .gitignore coverage for sensitive files
- Audit project dependencies for known vulnerabilities
- Detect SQL, command, and XSS injection vulnerabilities
- Review authentication and authorization configurations
- Check for insecure configurations (debug mode, permissive CORS, HTTP)
- Generate a structured security audit report
Anwendungsfälle
- Before publishing or deploying a project
- For periodic security reviews of existing projects
- After adding authentication, API integration, or user input handling
- Before open-sourcing a private repository
Nicht-Ziele
- Performing dynamic analysis or penetration testing
- Fixing vulnerabilities automatically (provides guidance for manual remediation)
- Auditing compiled binaries or non-source code artifacts
Installation
/plugin install agent-almanac@pjt222-agent-almanacQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Security Audit
99Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Codex PR Review
100Überprüft Pull Requests in Drupal 11 (oder anderen) Projekten gemäß der Codex-Methodik (Geschäftslogik, Edge Cases von Hooks/Queries, Sicherheit, Performance, Vollständigkeit). Generiert einen .md-Bericht im erkannten IDE-Ordner (.antigravity/, .cursor/, .vscode/ oder docs/) mit Befunden nach Schweregrad und umsetzbaren Lösungen. Verwenden Sie dies, wenn der Benutzer "Codex-Überprüfung", "PR-Überprüfung", "PR überprüfen", "PR überprüfen" anfordert.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Security Auditor
98Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.
TradeMemory Protocol
100Domänenwissen für die Evolution Engine — LLM-gestützte autonome Strategieentdeckung aus rohen OHLCV-Daten. Behandelt die Schleife Generieren-Backtesten-Auswählen-Entwickeln, vektorisiertes Backtesting, Out-of-Sample-Validierung und Strategiegraduierung. Verwenden Sie es beim Entdecken von Handelspatterns, Ausführen von Backtests, Entwickeln von Strategien oder Überprüfen von Evolutionsprotokollen. Löst aus bei "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".